URL bruteforcer to locate existing and/or hidden files or directories.

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 5 - Production/Stable
Intended Audience
- Developers
License
- OSI Approved :: MIT License
Operating System
- OS Independent
Programming Language
- Python :: 2
- Python :: 3
Topic
- Software Development :: Build Tools

Project description

urlbuster

URL bruteforcer to locate existing and/or hidden files or directories.

Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods, multiple useragents and multiple host headers.

Features

Test with different useragents
Test with different host headers
Test different request methods
Test with and without a trailing slash
Specify which http status code yield a successful request

Installation

pip install urlbuster

Usage

usage: urlbuster [options] -w <path> URL
       urlbuster --help
       urlbuster --version

URL bruteforcer to locate existing and/or hidden files or directories.

Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods,
multiple useragents and multiple host headers.

positional arguments:
  URL                   The base URL to scan.

required arguments:
  -w f, --wordlist f    The path of the wordlist.

optional arguments:
  -c str, --code str    Comma separated list of HTTP status code to treat as success.
                        Default: 200, 204, 301, 302, 307, 403
  -m str, --method str  Comma separated list of HTTP methods to test for each request.
                        Supported methods: Note, each supplied method will double the number of requests.
                        GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS
                        Default: GET
  -s str, --slash str   Append or omit a trailing slash to URLs to test.
                        Options: both, yes, no.Note using 'both' will double the number of requests.
                        Default: no
  -a str, --agent str   Useragent header to send.
  -A f, --agent-file f  Newline separated list of useragents to use.
                        Note, each supplied useragent will double the number of requests.
  -h str, --host str    Host header to send.
  -H f, --host-file f   Newline separated list of host headers to send.
                        Note, each supplied host header will double the number of requests.
  -t s, --timeout s     Connection timeout in seconds.
                        Default: 5
  -r x, --retries x     Connection retries.
                        Default: 3
  --help                Show this help message and exit
  --version             Show version information

Motivation

I came across a couple of websites that behaved differently depending on the specified useragent. The feature of iterating over multiple specified useragents and other HTTP header values or request methods was lacking from current tools.

$ urlbuster \
  -w /usr/share/dirb/wordlists/common.txt \
  -A /usr/share/urlbuster/examples/useragents-basic.txt \
  -m 'POST,GET,DELETE,PUT,PATCH' \
  http://domain.tld

Base URL:       http://domain.tld
Timeout:        10s
Retries:        3
Valid codes:    200, 204, 301, 302, 307, 403
Useragents:     2
Host headers:   0
Methods:        5 (POST, GET, DELETE, PUT, PATCH)
Words:          4614
Slashs:         no

Total requests: 46140

####################################################################################################
[HEADER] User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
####################################################################################################
[200] [GET]    http://domain.tld/robots.txt

####################################################################################################
[HEADER] User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
####################################################################################################
[301] [POST]   http://domain.tld/robots.txt
[301] [GET]    http://domain.tld/robots.txt
[301] [DELETE] http://domain.tld/robots.txt
[301] [PUT]    http://domain.tld/robots.txt
[301] [PATCH]  http://domain.tld/robots.txt

Disclaimer

This tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool.

License

MIT License

Project details

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 5 - Production/Stable
Intended Audience
- Developers
License
- OSI Approved :: MIT License
Operating System
- OS Independent
Programming Language
- Python :: 2
- Python :: 3
Topic
- Software Development :: Build Tools

Release history Release notifications | RSS feed

0.5.1

Jan 30, 2021

0.5.0

Jan 31, 2020

0.4.1

Jan 29, 2020

0.4.0

Jan 28, 2020

0.3.0

Jan 27, 2020

This version

0.2.0

Jan 26, 2020

0.1.1

Jan 26, 2020

0.1.0

Jan 26, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

urlbuster-0.2.0.tar.gz (6.7 kB view hashes)

Uploaded Jan 26, 2020 Source

Built Distribution

urlbuster-0.2.0-py2.py3-none-any.whl (8.2 kB view hashes)

Uploaded Jan 26, 2020 Python 2 Python 3

Hashes for urlbuster-0.2.0.tar.gz

Hashes for urlbuster-0.2.0.tar.gz
Algorithm	Hash digest
SHA256	`c6ecb2c23f5f9d4a6f5d28a6d3d3639fc8945e177cf68963eaffe65df7c2d2ea`
MD5	`bb763f6802b79d651c0ce841fee994e5`
BLAKE2b-256	`2a4c895cc9e5762b6be31971bf7b7e8f48d650150598e0d62803b78db6662404`

Hashes for urlbuster-0.2.0-py2.py3-none-any.whl

Hashes for urlbuster-0.2.0-py2.py3-none-any.whl
Algorithm	Hash digest
SHA256	`1684b6852a06c200fa7b2142aa6b4ffa6062158e3d6e67eb8abd1854cdf50554`
MD5	`3a2152e5ffba0a207ce47989149f02bc`
BLAKE2b-256	`d65a4fb4202e218f5ecc691c3e224edc716781bc1cee613a1d39170dbbbae56a`